CVE-2016-3102: Jenkins Script Security Plugin allows for Bypass of Groovy Sandbox Protection
(updated )
The Script Security plugin before 1.18.1 in Jenkins might allow remote attackers to bypass a Groovy sandbox protection mechanism via a plugin that performs (1) direct field access or (2) get/set array operations.
References
Code Behaviors & Features
Detect and mitigate CVE-2016-3102 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →